[pim] Re: [Shepherding AD review] review of draft-ietf-pim-light-03
"Hooman Bidgoli (Nokia)" <hooman.bidgoli@nokia.com> Wed, 07 August 2024 23:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/hyb_FDl0IQtkjMiF9t6h5nuv2fY>
Hi Gunter,

Thanks for your review and comments. I uploaded a new version of the document. Some points/comments please

1. RFC 7761, Section 4.3.1, outlines the PIM neighbor discovery mechanism using Hello messages. Section 4.5 specifies that if a router receives a Join/Prune message from an IP source address without having previously received a PIM Hello message from that source, the router SHOULD discard the Join/Prune message without further processing. This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure.

HB> "This procedure ensures that only messages from authenticated PIM neighbors are processed, maintaining the integrity and reliability of the multicast routing infrastructure."

HB> I think you are misunderstanding the authenticated part. The hello messages can't authenticate the neighbor without IPsec AH mode or an authentication protocol like HMAC. This is why RFC7761 section 4.5 is pointing to section 6.3 and eventually IPsec for authentication.

HB> I am omitting this last bit of your suggestion and going with the original text.

1. The following rewrite may be more clear for consumers of the document. The fact that with PIM Light there is processing of packets from an unauthenticated neighbor seems as a serious security concern. This should be mentioned as a concern and operational guidelines to reduce the risk vector

HB> Again, I think you are confusing authentication of a router to PIM hello adjacency. Authentication is done via IPsec or HMAC hash over the PIM hello packets and other packets including join/prunes. This authentication is possible with PIM Light as well as mentioned in the security section. Hello messages do not authenticate the router.

3. The existing IANA registry for "PIM Message Types" may not be sufficient for PIM Light and may need update. The existing table may need a new column, used explicit for PIM Light to show which of the PIM Message Types is supported. It would be to lock the Message types currently supported and allows a framework for the future, unless through WG consensus the expectation is never any message are to be supported for PLI?

HB> I can't see us supporting any new message for PLI in near future. As PLI only supports join/prune message.
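
The distinction discussed in the message above, between the RFC 7761 Section 4.5 "Hello seen from this source" check and authentication of the sender, shown as a small model. This is an added example, not part of the message or of the draft: the `Interface` class, the `require_hello` switch used to model a PIM Light interface, the addresses, the key, and the use of HMAC-SHA256 as a stand-in for IPsec AH are all assumptions, and no PIM wire format is implemented.

```python
import hashlib
import hmac

KEY = b"constructed-pre-shared-key"  # constructed sample key, not a real secret

def tag(key, src, payload):
    """Keyed MAC over sender address and packet bytes (stand-in for IPsec AH)."""
    return hmac.new(key, src.encode() + b"|" + payload, hashlib.sha256).digest()

class Interface:
    def __init__(self, key=None, require_hello=True):
        self.key = key                      # None: no integrity protection configured
        self.require_hello = require_hello  # False models a PIM Light interface (PLI)
        self.neighbors = set()

    def _authentic(self, src, payload, mac):
        if self.key is None:
            return True
        return mac is not None and hmac.compare_digest(mac, tag(self.key, src, payload))

    def on_hello(self, src, payload=b"hello", mac=None):
        if not self._authentic(src, payload, mac):
            return "drop: bad MAC"
        self.neighbors.add(src)
        return "neighbor learned"

    def on_join_prune(self, src, payload, mac=None):
        if not self._authentic(src, payload, mac):
            return "drop: bad MAC"
        if self.require_hello and src not in self.neighbors:
            return "drop: no Hello from source"  # the RFC 7761 section 4.5 check
        return "accept"

def demo():
    join, out = b"join (S,G)", {}
    plain = Interface()                     # Hello check only
    out["no_hello"] = plain.on_join_prune("192.0.2.9", join)
    plain.on_hello("192.0.2.9")             # any sender can emit a Hello
    out["hello_only"] = plain.on_join_prune("192.0.2.9", join)
    keyed = Interface(KEY)                  # Hello check plus keyed MAC
    out["unkeyed_hello"] = keyed.on_hello("192.0.2.9")
    out["unkeyed_join"] = keyed.on_join_prune("192.0.2.9", join)
    pli = Interface(KEY, require_hello=False)
    out["pli_unkeyed"] = pli.on_join_prune("192.0.2.9", join)
    out["pli_keyed"] = pli.on_join_prune("192.0.2.1", join, tag(KEY, "192.0.2.1", join))
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the model, the Hello check alone accepts a Join/Prune from any source that first sent a Hello, while the keyed check rejects a sender without the key whether or not the interface requires Hellos.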